Skip to content

Commit 7bcff9f

Browse files
fw-strlenfw-strlen
committed
selftests: netfilter: Fix nft_audit.sh for newer nft binaries
JIRA: https://issues.redhat.com/browse/RHEL-60554 Upstream Status: commit 8a89015 commit 8a89015 Author: Phil Sutter <phil@nwl.cc> Date: Thu Sep 26 18:56:31 2024 +0200 selftests: netfilter: Fix nft_audit.sh for newer nft binaries As a side-effect of nftables' commit dbff26bfba833 ("cache: consolidate reset command"), audit logs changed when more objects were reset than fit into a single netlink message. Since the objects' distribution in netlink messages is not relevant, implement a summarizing function which combines repeated audit logs into a single one with summed up 'entries=' value. Fixes: 203bb9d ("selftests: netfilter: Extend nft_audit.sh") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Florian Westphal <fwestpha@redhat.com>
1 parent 8e207d3 commit 7bcff9f

File tree

1 file changed

+29
-28
lines changed

1 file changed

+29
-28
lines changed

tools/testing/selftests/netfilter/nft_audit.sh

Lines changed: 29 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -25,12 +25,31 @@ logread_pid=$!
2525
trap 'kill $logread_pid; rm -f $logfile $rulefile' EXIT
2626
exec 3<"$logfile"
2727

28+
lsplit='s/^\(.*\) entries=\([^ ]*\) \(.*\)$/pfx="\1"\nval="\2"\nsfx="\3"/'
29+
summarize_logs() {
30+
sum=0
31+
while read line; do
32+
eval $(sed "$lsplit" <<< "$line")
33+
[[ $sum -gt 0 ]] && {
34+
[[ "$pfx $sfx" == "$tpfx $tsfx" ]] && {
35+
let "sum += val"
36+
continue
37+
}
38+
echo "$tpfx entries=$sum $tsfx"
39+
}
40+
tpfx="$pfx"
41+
tsfx="$sfx"
42+
sum=$val
43+
done
44+
echo "$tpfx entries=$sum $tsfx"
45+
}
46+
2847
do_test() { # (cmd, log)
2948
echo -n "testing for cmd: $1 ... "
3049
cat <&3 >/dev/null
3150
$1 >/dev/null || exit 1
3251
sleep 0.1
33-
res=$(diff -a -u <(echo "$2") - <&3)
52+
res=$(diff -a -u <(echo "$2") <(summarize_logs <&3))
3453
[ $? -eq 0 ] && { echo "OK"; return; }
3554
echo "FAIL"
3655
grep -v '^\(---\|+++\|@@\)' <<< "$res"
@@ -129,31 +148,17 @@ do_test 'nft reset rules t1 c2' \
129148
'table=t1 family=2 entries=3 op=nft_reset_rule'
130149

131150
do_test 'nft reset rules table t1' \
132-
'table=t1 family=2 entries=3 op=nft_reset_rule
133-
table=t1 family=2 entries=3 op=nft_reset_rule
134-
table=t1 family=2 entries=3 op=nft_reset_rule'
151+
'table=t1 family=2 entries=9 op=nft_reset_rule'
135152

136153
do_test 'nft reset rules t2 c3' \
137-
'table=t2 family=2 entries=189 op=nft_reset_rule
138-
table=t2 family=2 entries=188 op=nft_reset_rule
139-
table=t2 family=2 entries=126 op=nft_reset_rule'
154+
'table=t2 family=2 entries=503 op=nft_reset_rule'
140155

141156
do_test 'nft reset rules t2' \
142-
'table=t2 family=2 entries=3 op=nft_reset_rule
143-
table=t2 family=2 entries=3 op=nft_reset_rule
144-
table=t2 family=2 entries=186 op=nft_reset_rule
145-
table=t2 family=2 entries=188 op=nft_reset_rule
146-
table=t2 family=2 entries=129 op=nft_reset_rule'
157+
'table=t2 family=2 entries=509 op=nft_reset_rule'
147158

148159
do_test 'nft reset rules' \
149-
'table=t1 family=2 entries=3 op=nft_reset_rule
150-
table=t1 family=2 entries=3 op=nft_reset_rule
151-
table=t1 family=2 entries=3 op=nft_reset_rule
152-
table=t2 family=2 entries=3 op=nft_reset_rule
153-
table=t2 family=2 entries=3 op=nft_reset_rule
154-
table=t2 family=2 entries=180 op=nft_reset_rule
155-
table=t2 family=2 entries=188 op=nft_reset_rule
156-
table=t2 family=2 entries=135 op=nft_reset_rule'
160+
'table=t1 family=2 entries=9 op=nft_reset_rule
161+
table=t2 family=2 entries=509 op=nft_reset_rule'
157162

158163
# resetting sets and elements
159164

@@ -177,13 +182,11 @@ do_test 'nft reset counters t1' \
177182
'table=t1 family=2 entries=1 op=nft_reset_obj'
178183

179184
do_test 'nft reset counters t2' \
180-
'table=t2 family=2 entries=342 op=nft_reset_obj
181-
table=t2 family=2 entries=158 op=nft_reset_obj'
185+
'table=t2 family=2 entries=500 op=nft_reset_obj'
182186

183187
do_test 'nft reset counters' \
184188
'table=t1 family=2 entries=1 op=nft_reset_obj
185-
table=t2 family=2 entries=341 op=nft_reset_obj
186-
table=t2 family=2 entries=159 op=nft_reset_obj'
189+
table=t2 family=2 entries=500 op=nft_reset_obj'
187190

188191
# resetting quotas
189192

@@ -194,13 +197,11 @@ do_test 'nft reset quotas t1' \
194197
'table=t1 family=2 entries=1 op=nft_reset_obj'
195198

196199
do_test 'nft reset quotas t2' \
197-
'table=t2 family=2 entries=315 op=nft_reset_obj
198-
table=t2 family=2 entries=185 op=nft_reset_obj'
200+
'table=t2 family=2 entries=500 op=nft_reset_obj'
199201

200202
do_test 'nft reset quotas' \
201203
'table=t1 family=2 entries=1 op=nft_reset_obj
202-
table=t2 family=2 entries=314 op=nft_reset_obj
203-
table=t2 family=2 entries=186 op=nft_reset_obj'
204+
table=t2 family=2 entries=500 op=nft_reset_obj'
204205

205206
# deleting rules
206207

0 commit comments

Comments
 (0)